batcave: renew proxy letsencrypt certs weekly
We occasionally run into problems with certs that aren't renewed in time or are close to expiring. Just running the proxies playbook will renew them, but in freezes or the like sometimes there's a long time period where we don't run that playbook. So, lets just run weekly with the right tag. This should renew any cert thats close to expiring. The job shouldn't normally output anything, but if there's errors it will email them to admin@ Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
parent
5310a60518
commit
c5f2475537
|
@ -0,0 +1,8 @@
|
|||
#!/bin/bash
|
||||
mailto='admin@fedoraproject.org'
|
||||
source /root/sshagent >>/dev/null
|
||||
export ANSIBLE_HOST_KEY_CHECKING=False
|
||||
export HOME=/root/
|
||||
#export ANSIBLE_SSH_PIPELINING=False
|
||||
export ANSIBLE_HASH_BEHAVIOUR=merge
|
||||
timeout 24h ansible-playbook /srv/web/infra/ansible/playbooks/groups/proxies.yml -t letsencrypt -f 20 |& grep fatal
|
|
@ -258,6 +258,17 @@
|
|||
- config
|
||||
when: inventory_hostname.startswith('batcave01')
|
||||
|
||||
#
|
||||
# Setup job that runs letsencrypt on proxies each week
|
||||
#
|
||||
|
||||
- name: setup letsencrypt run for proxies
|
||||
copy: src=proxy-certs-check-renew.cron dest=/etc/cron.weekly/proxy-certs-check-renew.cron mode=0755
|
||||
tags:
|
||||
- batcave
|
||||
- config
|
||||
when: inventory_hostname.startswith('batcave01')
|
||||
|
||||
#
|
||||
# Setup rhel6 sync script.
|
||||
#
|
||||
|
|
Loading…
Reference in New Issue